2006 All Rights Reserved ViewCast Corporation.

SECURITY AND STREAMING MEDIA HOW TO SECURE YOUR VIDEO

AND PROTECT YOUR REVENUE
Mark D. Fears
Director, New Product Development
ViewCast Corporation, USA
ABSTRACT
As more and more popular applications come on the market such as streaming video to cell phones,
video blogging and streaming inside the networked home, security is key to protecting content and
privacy. There are multiple ways to secure and protect your streaming media so that confidential or
sensitive content doesnt end up in the wrong hands or distributed to an unauthorized audience. In
this session well talk about ways to protect content with software, DRM and new techniques in
video streaming like dynamic watermarking.
Security vulnerabilities are concerns that should be addressed because in many cases there are lost
revenues and ownership rights at steak. Come learn about the vulnerabilities and the ways you can
protect your system against intrusion and content against piracy.

INTRODUCTION
As video distribution explodes so does the risk of piracy and the need for securing content from
unauthorized access and piracy. While the debate rages on the effectiveness (and fairness) of Digital
Rights Management (DRM) versus consumer rights, this encryption and keying method is only one
of many tools the content creator can instigate to inhibit unauthorized viewing. Other methods for
protecting content that are not as invasive can be deployed and, for certain applications, can actually
be more effective.
This paper examines ways to protect streaming video content using different techniques and
technologies. Security-enabled networks, Digital Rights Management (DRM) encryption and
dynamic watermarking are the most popular methods that this document will review and diagram
the infrastructure or method. Although all of these can be implemented in unison, one or two will be
adequate to protect your content. It is important to understand that each represent a different level of
security and with higher security comes more restricted distribution. In some applications,
unrestricted distribution could be more important than security.

CHOOSING THE SECURITY LEVEL
Different applications require different levels of security measures to be implemented. Using the
security methods mentioned in the previous section, lets try to define a scale and rank each method
on that scale.
2006 All Rights Reserved ViewCast Corporation.
Restricting the access to the content by placing on a secure private network would rank as a high-
level security measure. After all, the best way to secure your content is not to distribute it publicly.
At the opposite end of the spectrum, watermarking the video with a brand would rank as a low-level
measure. The most important aspect to understand is that the
greater security method you deploy, the more restricted the
distribution of the content. So you must weight the importance of
broad distribution against the importance of protecting the content.
For example, if I created a product sales demonstration video, I
would want access of that content to a broad audience of potential
customers. I would choose the low-security measure to protect my
content. The logic: broad distribution of the content is paramount while copy protection and
restrictive access are not.
It is important that the content maintains corporate branding so that it couldnt be edited and used by
others for their own purposes. There is a significant expense to creating the content and if I have
licensed third-party content in my video message, I have an obligation, typically detailed in a third-
party license agreement, to protect the ownership and distribution rights of the licensor.
A high-level security example is corporate content to be distributed to a small closed network of
viewers.
In my role as Director, New Product Development, for ViewCast Corporation, I am required to
create and maintain the product development strategy and roadmaps. I am also responsible for
communicating these strategies to the executive staff and department managers, which typically
takes the form of a presentation. For participants that cant physically be present for travel reasons
and also to document the presentation, the event can be captured on video. This content would
require high-security measures that could use a couple of methods for protection. They would be
closed distribution on a security-enabled network and content watermarking with corporate logo and
confidentiality tag.
Since video communications has become commonplace in corporate environments, the ability to
restrict access and limit distribution of corporate video content has become a great concern. Much
like document encryption or password-protect networks, video content must be protected and secure
to ensure that it distribution and access are tightly controlled.
In the last example, the focus is the restriction of access with extremely limited distribution.
Security is increased while distribution is decreased.
As you increase your security measure, you limit the ability to
distribute your content to a broad audience. In some
applications, not only is this acceptable but absolutely
intended. However in the first example, the content is intended
for mass distribution and so a copy protection method, such as
encryption, are exchanged for a low-level security measure
such as watermarking or branding the content.
The greater the security method, the more restricted the
distribution of content can be. These two factors act against
each other and the deployment of these methods must find the right balance.

2006 All Rights Reserved ViewCast Corporation.
SECURE NETWORK METHOD
The easiest and most effective method of protecting your content is not to allow anyone to be able
access it however the value of the content is negated if no one can view it. The first step is to restrict
the ability for viewing to only those that you intend. This can easily be accomplished by placing the
content on a streaming server that is located behind a firewall on a private network.
Just like a document server on a corporate network, your content will reside on a streaming media
server that is located on a restricted network. The content is protected because only trusted viewers
have access to the network on which the content resides. Even if the intended viewer resides outside
the network, they can use the Microsoft Virtual Private Network (VPN) protocol to access the
network and then view the content. This would require that the network include a VPN server.
Another method of restricted access, even on a private network, is to hide the IP address of the
content. This is accomplished by simply providing the address only to those that you wish to view
the content.
The streaming server itself provides additional security measures. Besides creating log files that
include client IP address, time and date of content access, they provide content settings that can
restrict the clients ability to save the content making it a streaming view only. This prohibits the
client from saving a file copy of the stream on their local hard drive and then distributing the file
outside the corporate network.

ENCRYPTION AND KEY METHOD (DRM)
For users that need broad distribution of their content but want to restrict viewing, DRM has
become the widely accepted method for securing their content to authorized viewing only. In this
model, the content is posted on a streaming media server residing on the Internet while the link to
view that content is then posted on a public web site. When a client clicks the link, they are required
to perform an action such as provide personal information or purchase a license to view the content
before the content is streamed to their PC.
The basic components that make up a DRM system are:
Content that has been encrypted with DRM protection
License key that decrypts the DRM protected content
Third-party license provider
There are two ways that you can encrypt content with DRM protection. You can include the
encryption when you capture the content into a streaming format or you can import a video file into
your streaming media CODEC and create a new file with DRM protection.
In this process, the header of the resulting DRM protected file includes a web address for the license
provider. It also includes the DRM encryption. This encryption requires a license key in order for
the content to be viewed. The license key itself will be created when the content is encrypted.
The license key is then securely transmitted or delivered to the third-party license provider. The
license provider will place these keys into their database to be delivered to the client upon request.
2006 All Rights Reserved ViewCast Corporation.
The encrypted content is placed on a streaming media server and the content access link is placed on
a web page.
When the client clicks the web link to view the content, their streaming media player reads this
header information and redirects the client to the license provider web page the web address
included in the content header. The license provider typically customizes this page to the content
owners specification or corporate branding. On this web page, the client will be required to perform
some task, such as a transaction.
Once the task has been completed the license provider will transmit the license key to the clients
streaming media player. The key will unlock the content and the client will be able to view the
stream.
The license key is not transferable so that the client may not pass the ability to view the content to
another person or copy that license to another PC.
The above method describes a DRM system for streaming media, however DRM can be used for
other models such as copy protection or subscription viewing.
The third-party license provider can also limit the rights of the client based upon a criteria the
content owner provides. For example, the license could have subscription rights. This would allow a
client to purchase a license and be able to view that content multiple times with the license set to
expire after a predetermined period of time has passed.

BRANDING METHOD
The last method, which is also the least restrictive for distribution and viewing when solely used, is
branding the content. This branding can occur in a few different ways such as adding content
ownership and copyright information in the stream header but the most effective method is
watermarking the video.
Watermarking can simply be defined as the process of embedding data into another object or signal.
High-quality papers have hidden watermarks that can only be viewed while backlit from a strong
light source. Paper currencies include watermarks to make counterfeiting more difficult and easily
detected.
Video watermarking is quite different from document watermarking since it is a series of images
whereby each frame is imaged with a watermark. This watermark image resides in an area of the
video that will not restrict the viewing of the content but brands each frame of video with a mark
that represents ownership.
For example, Bill has created original content that he wants to distribute. He makes a copy of the
original content adding a watermark to the copy. This copy is used for distribution while the original
is kept secure. If Fred takes the copy and adds his watermark, then dispute of ownership can easily
be resolved since Bill has the original content without the watermark and Freds includes both his
and Bills signature watermarks.
When streaming video, adding a watermark is done during the encoding process. The source content
is captured and a watermark is added during the encoding process. When the content is viewed the
watermark is seen overlaying the video frames and can be made more or less apparent by setting the
opacity of the watermark.
2006 All Rights Reserved ViewCast Corporation.
For a live event, the content can be captured with and without a watermark. This would require two
encoding sessions making one captured file an original archive without a watermark and a
watermarked version for streaming distribution.

CONCLUSION
In this paper, I have presented three methods for protecting streaming video content. Each method
can be used independently or all three in unison to provide maximum protection.
It is important to understand that the more secure method of content protection deployed, the more
restrictive the ability to broadly distribute the content will become. Each application objective must
be examined and evaluated to ensure the appropriate security measures are used.
These approaches add a measure of security but are primarily intended to inhibit or reduce the threat
of content piracy. As with any security model, a dedicated hacker over time can successfully
circumvent these measures. I believe the methods presented will create a significant amount of work
that will successfully deter most potential threats or isolate it to a particular piece of content.